Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/4z0Sk13hMc41BWYTv0z86E2UxVY.roa
File: 4z0Sk13hMc41BWYTv0z86E2UxVY.roa (raw, json)
Hash identifier: XnTrp07QMy6Ajh0v5xnmWplMX+y9M++PAZmAZ3ay+Tk=
Subject key identifier: E3:3D:12:93:5D:E1:31:CE:35:05:66:13:BF:4C:FC:E8:4D:94:C5:56
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018C5F000707E8B163D25B60AB99964EF6FC
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/4z0Sk13hMc41BWYTv0z86E2UxVY.roa
Signing time: Tue 12 Dec 2023 17:08:06 +0000
ROA not before: Tue 12 Dec 2023 17:08:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21507
IP address blocks: 79.73.128.0/17 maxlen: 24
79.73.64.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:5f:00:07:07:e8:b1:63:d2:5b:60:ab:99:96:4e:f6:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Dec 12 17:08:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e33d12935de131ce35056613bf4cfce84d94c556
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b5:8f:75:01:af:5b:14:96:10:b2:0f:53:96:
06:c4:64:f5:45:fe:56:35:2b:aa:72:39:61:52:57:
ee:62:25:34:65:9b:6f:3d:c1:63:e4:07:dc:8d:b2:
ee:aa:0b:88:d0:09:26:38:21:2b:99:9f:da:17:88:
53:8a:40:ec:9e:90:c6:97:f1:7f:18:ef:bc:8d:a2:
21:09:f1:cf:1a:2b:85:b3:b8:da:7a:05:2b:e3:4b:
0b:06:62:dc:d1:c9:d1:00:07:cc:73:db:5f:39:5f:
64:da:d3:ed:17:ff:52:54:f0:5b:a3:1b:96:80:2c:
c3:99:a4:29:60:b0:62:3d:5b:5c:3f:54:95:1d:ba:
3f:6c:05:56:b9:66:ae:55:3b:ad:2e:22:dd:03:f9:
d5:f0:fe:23:fe:eb:92:54:d1:37:82:7e:f2:db:c4:
a4:ee:d8:99:5d:58:3f:31:6b:a4:dd:91:58:b8:75:
66:e5:a8:ea:a7:30:8b:4c:5b:54:7b:a0:06:7f:35:
90:51:88:c4:e2:72:4d:0a:9f:76:1e:b2:24:5d:48:
7e:03:e7:5c:db:a6:3b:1f:4b:ac:c7:c9:da:91:a1:
59:b5:d3:15:ba:83:c8:18:37:83:cd:6c:00:d5:ad:
fb:8b:ad:3b:95:9f:51:2d:0e:1a:14:3d:63:a9:25:
13:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:3D:12:93:5D:E1:31:CE:35:05:66:13:BF:4C:FC:E8:4D:94:C5:56
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/4z0Sk13hMc41BWYTv0z86E2UxVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.73.64.0-79.73.255.255
Signature Algorithm: sha256WithRSAEncryption
c9:b4:37:f1:fa:62:05:e8:82:95:ce:ee:08:41:4a:dd:c3:31:
a2:8c:73:45:28:63:41:6d:ac:c3:f4:a6:4a:1c:19:13:0d:59:
0b:ce:c1:24:7b:4e:67:54:9f:04:4b:1c:98:19:15:ae:cd:8f:
23:17:40:db:d9:60:3f:55:4f:2b:ad:91:e9:b5:91:ac:a8:c7:
25:54:f1:d2:b9:60:8c:67:0a:4a:37:7f:45:46:5d:b3:cc:be:
a7:23:01:51:e5:3d:cc:48:ab:4c:66:05:7a:14:4d:ba:e2:e6:
b6:c9:85:c2:1c:9c:50:fa:8a:85:c7:00:68:d0:bb:f5:8b:b6:
9a:e6:c8:f0:fc:f8:ab:55:84:c0:52:40:51:5d:f2:52:30:2c:
d7:22:77:12:90:5f:32:04:20:cd:2f:31:c3:4d:24:65:25:68:
f2:15:2d:97:61:3f:68:db:2a:8a:92:2c:08:f4:d7:c4:86:47:
11:0d:07:b4:78:ef:e1:20:1b:a2:1b:a3:c4:ee:cb:f6:0e:19:
6c:bc:43:bb:f5:09:83:85:08:ff:fe:86:17:4f:a1:e4:c4:9f:
89:fe:25:e6:7d:f6:5e:c2:9e:96:1c:66:b2:93:37:2f:d1:fd:
40:ab:8f:62:c4:f3:aa:b1:d0:e2:d0:b5:55:72:b7:9b:f3:cf:
0f:9d:42:7d
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYxfAAcH6LFj0ltgq5mWTvb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMxMjEyMTcwODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzNkMTI5MzVkZTEzMWNlMzUwNTY2MTNiZjRjZmNlODRkOTRjNTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7WPdQGvWxSWELIPU5YGxGT1Rf5W
NSuqcjlhUlfuYiU0ZZtvPcFj5AfcjbLuqguI0AkmOCErmZ/aF4hTikDsnpDGl/F/
GO+8jaIhCfHPGiuFs7jaegUr40sLBmLc0cnRAAfMc9tfOV9k2tPtF/9SVPBboxuW
gCzDmaQpYLBiPVtcP1SVHbo/bAVWuWauVTutLiLdA/nV8P4j/uuSVNE3gn7y28Sk
7tiZXVg/MWuk3ZFYuHVm5ajqpzCLTFtUe6AGfzWQUYjE4nJNCp92HrIkXUh+A+dc
26Y7H0usx8nakaFZtdMVuoPIGDeDzWwA1a37i607lZ9RLQ4aFD1jqSUTnwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFOM9EpNd4THONQVmE79M/OhNlMVWMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvNHowU2sxM2hNYzQxQldZVHYwejg2RTJVeFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDBAZPSUAD
AwFPSDANBgkqhkiG9w0BAQsFAAOCAQEAybQ38fpiBeiClc7uCEFK3cMxooxzRShj
QW2sw/SmShwZEw1ZC87BJHtOZ1SfBEscmBkVrs2PIxdA29lgP1VPK62R6bWRrKjH
JVTx0rlgjGcKSjd/RUZds8y+pyMBUeU9zEirTGYFehRNuuLmtsmFwhycUPqKhccA
aNC79Yu2mubI8Pz4q1WEwFJAUV3yUjAs1yJ3EpBfMgQgzS8xw00kZSVo8hUtl2E/
aNsqipIsCPTXxIZHEQ0HtHjv4SAbohujxO7L9g4ZbLxDu/UJg4UI//6GF0+h5MSf
if4l5n32XsKelhxmspM3L9H9QKuPYsTzqrHQ4tC1VXK3m/PPD51CfQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:44 2024 by rpki-client on console-fra.rpki-client.org